Based on its initial charge, the Registries subteam developed a functional model of Identity Registries, a Glossary, and collected a list of functional requirements from subteam participants. The requirements list is fairly comprehensive in that it covers almost areas of interest in a Registries system, but the list has not been edited for consistency, nor prioritized. More requirements could be added.
Three projects assessed their capabilities against the requirements: OpenRegistry, the PSU Central Person Registry, and Kuali Identity Management. There are pluses and minuses to each projects, as detailed below. A fourth project, ForgeRock, may also be assessed. At this point no one project stands out as the obvious one to choose based on either current functionality or likely future wonderfulness.
OpenRegistry is a system designed to be very close to the functionality the subteam has defined for a Registries system. It is intended to be a system that could be deployed at many sites.
OpenRegistry meets most of the collected Registries requirements.
OpenRegistry is still under development and has not yet been deployed by any institution (yes?), so there is no information about how well it performs in practice, or how well it meets needs for flexibility and extensibility. The project historically has suffered from some lack of continuity and lack of participation. It is currently primarily driven by one institution. Some institutions have used its code (i.e., forked its code) as a base for their own registry development.
The PSU-CPR is also a system designed to be very close to the functionality the subteam has defined for a Registries system. PSU-CPR has been developed by PSU to meet its institutional needs, which are similar to those of other large institutions.
PSU-CPR meets most of the collected Registries requirements.
PSU-CPR has not been specifically designed to be used by other sites; e.g. no external licensing or distribution packaging. It is still under development, so there is no information about how well it performs in practice, or how well it meets needs for flexibility and extensibility. The PSU project is funded and staffed to be completed and in production by the end of 2011.
KIM, a component of Kuali Rice provides a large set of IAM services; for this purpose the subteam is looking at KIM's identity registry functions. KIM is designed to meet the IAM needs of Kuali applications.
KIM meets most of the collected Registries requirements, though somewhat fewer than OpenRegistry or PSU-CPR.
KIM has been in use by many sites in production for a few years. Version 2.0 is under development and is slated for release in Q1 2012. Extending the current system to meet institutional needs as defined by the subteam would require some redesign. Kuali Rice has an established means for organizing interested parties to support large development projects.
ForgeRock is a commercial operation developing and supporting an open-source set of IAM packages many of which are based on the open-source Sun packages that made up the Sun IAM product suite. The products have been reasonably successful and the company has grown in the last couple of years. There may be opportunities for engagement from our community.
The ForgeRock suite does not appear to include a component that matches the functionality defined by the Registries subteam.
The team has general agreement on these things: